Update ol8 stig

[Xeicker]

Description:

• Remove rule account_emergency_expire_date since account_temp_expire_date already covers the same requirement
• Replace audit_immutable_login_uids rule with audit_rules_immutable_login_uids. This other rule is better aligned with requirement OL08-00-030122
• Replace rule sshd_set_keepalive_0 with sshd_set_keepalive to better cover requirement OL08-00-010200
• Replace ssh_private_keys_have_passcode rule with ssh_keys_passphrase_protected, both rules are manual, but the new one includes the 'policy' directory
• Add enable_authselect to ol8 stig (This helps rules related to authselect)
• Update var_auditd_name_format. STIG OL08-00-030062 allows 'hostname', 'fqd', or 'numeric' as the stig selector for this variable
• Update tests in auditd_name_format. Cover some extra scenarios and set explicitly the var_auditd_name_format variable

Rationale:

• Update OL8 STIG to be better aligned with DISA STIG, or use more convenient rules

Review Hints:

• No new rules introduced, only new tests in auditd_name_format need more careful check.

Note: the rule ssh_private_keys_have_passcode is no longer in use, let me know if it is reasonable to delete it, as it is basically the same as ssh_keys_passphrase_protected

[openshift-ci]

Hi @Xeicker. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[github-actions]

Start a new ephemeral environment with changes proposed in this pull request:

rhel8 (from CTF) Environment (using Fedora as testing environment)

Fedora Testing Environment

Oracle Linux 8 Environment

[github-actions]

🤖 A k8s content image for this PR is available at:
ghcr.io/complianceascode/k8scontent:11828
This image was built from commit: 65b9629

Click here to see how to deploy it

If you alread have Compliance Operator deployed:
utils/build_ds_container.py -i ghcr.io/complianceascode/k8scontent:11828

Otherwise deploy the content and operator together by checking out ComplianceAsCode/compliance-operator and:
CONTENT_IMAGE=ghcr.io/complianceascode/k8scontent:11828 make deploy-local

[codeclimate]

Code Climate has analyzed commit 65b9629 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 59.2% (0.0% change).

View more on Code Climate.

[Mab879]

LGTM.

Overriding CODEOWNERs as there are no Oracle maintainers.

Waving the Automatus tests for SLE15 as they failing due since that rule isn't selected on that platform.